The Illusion of Privacy

If you use Facebook, shop on Amazon, or blog, you’ll definitely benefit from reading this blog. Please share with others whose well-being you care about.

A brief example: A few years ago I ran a survey about privacy on Facebook. Over 90% of the respondents (both genders, across all ages) responded that privacy is important to them. However, their actions contrasted sharply with this concern. By merely responding to my survey, they had agreed to provide me access to all of their private information on Facebook. So much for privacy. There is a tendency to assume that we’re being protected, that some geek somewhere has decided something that will guard our information. This is not a valid assumption. Read on!

“Privacy” on Facebook

We’ve all heard, and presumably know, that what we do online isn’t private unless we take extra efforts to make it private. This is what one might think that Facebook’s so-called “privacy settings” are designed to do. You tell Facebook that you’d like a particular status update, photo or any other item to be maintained “private” or accessible only to “Friends.” You expect that this is what will happen, right?

I’m sorry to be the bearer of bad news, but this is not the case. Every photo you upload to Facebook is immediately available on a public web server that does not require any sort of authentication or special sign-on in order to see the photo.

You are probably thinking that it is unlikely anyone would simply stumble upon this photo, since it would be unlikely to appear in any search engine. However, if anyone shares the URL (as I just did), it becomes public. Note that the original owner’s permission is not needed, nor would that owner even know that the picture is circulating. Herein lies Lesson #1: Be aware that there are many people, besides those with whom you share a picture, who can pass it on to others if they so choose. Photos on Facebook are not private.

Now you could be saying to yourself that this is okay since Facebook is “designed for sharing” and therefore those who use it should not have an expectation of privacy. Why, then, does Facebook have “privacy settings?” Those settings give people the illusion that the information is private – what a delusion! Believing that what they upload is private, the photo takers among us may share more than they otherwise would. Big mistake. (Case in point, my friend who found out her husband was fooling around with her bridesmaid via a “private” picture on Facebook.)

Still, it is Facebook. So you expect that nothing you post is private irrespective of the privacy policy and privacy settings. How about shopping on Amazon? Wouldn’t you expect that what you buy or consider buying (by browsing and putting items in your wish list) would remain private? Hope springs eternal but…

“Privacy” on Amazon Windowshop

Amazon has a great service called Amazon Windowshop. You can access it at www.windowshop.com or on the Windowshop application on an iPad, though you might want to read ahead before trying this just yet.

With Windowshop, you can browse a virtually endless storefront of Amazon. It’s a gorgeous, very compelling app. I’ve spent hundreds of dollars due to this app alone. Obviously, it works best when it’s connected to your online profile. Through this, you can make instant purchases and be shown items that are closely related to things that you’ve looked at in the past, items you purchased, and stuff on your various lists. Windowshop personalizes the shopping experience. However, most shoppers would probably prefer that their shopping lists, past purchases, and items that they’re interested in remain private. Why? Well, aside from benign items in the “consumer electronics” space, these lists show the types of books, magazines, drugs, dietary supplements, toys and all sorts of other things you are interested in, something that most people consider private.

Perhaps surprising to Windowshoppers, there is currently a “small” privacy breach with Amazon Windowshop. When you access Windowshop at the office, for instance, Amazon remembers what IP address you came from (an address that is shared with the rest of the office). Then, if anybody else in your office accesses windowshop.com, they can see your (supposedly) personalized storefront. Even if they are not logged in as you and do not know your Amazon username/password, they can see all of the items you purchased, considered or listed. Basically, your shopping interests are revealed to everyone in your physical vicinity. Do you really want your office colleagues to know all of your likes/dislikes, medicines, personal care items, hobbies and product desires? (Note that this is also true when you access Windowshop through any WiFi hotspot such as a coffee shop, a friend’s home, or the airport.)

To demonstrate this “small” breach, I include here two screen captures. One is from the iPad that is logged into my account on Amazon. This is a screen capture of the “benign” consumer electronics section of the store. Then, I connected with another computer at the office and took a screen capture of the same section of the store. As you can see, the list of items is almost identical. Trust me, this also happens in much more personal item categories. At this point, anybody in the office can see my personalized shopping experience.

Windowshop Logged in on iPad

Windowshop on nearby computer

What can you do? Well, don’t use Amazon Windowshop unless you’re at home and are fine with those living there viewing your shopping choices. Or, only shop for those items that you wouldn’t mind being associated with you on, say, the front page of your local newspaper.
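To make the mechanism concrete, here is an added example in Python (not Amazon’s code; the accounts, items and the office address are constructed): a toy storefront that personalizes by the request’s source IP, beside one that personalizes only for an authenticated session, run for the office scenario above.

```python
"""Model of the Windowshop-style leak: personalizing by source IP versus
personalizing only by an authenticated session.

Constructed example, not Amazon's code: accounts, items and addresses are
made up. Everyone behind the same office NAT or Wi-Fi hotspot shares one
source IP, which is why keying identity on it leaks one user's data to others.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed per-account browsing/purchase history (assumed values).
HISTORY: Dict[str, List[str]] = {
    "tal": ["iPad stand", "noise-cancelling headphones", "allergy tablets"],
    "colleague": ["USB cable"],
}

OFFICE_NAT_IP = "203.0.113.7"  # TEST-NET address standing in for an office egress IP


@dataclass
class Request:
    src_ip: str                          # address the server sees
    session_token: Optional[str] = None  # present only for a logged-in browser


@dataclass
class Storefront:
    sessions: Dict[str, str] = field(default_factory=dict)       # token -> account
    ip_to_account: Dict[str, str] = field(default_factory=dict)  # weak: IP -> account

    def login(self, account: str, token: str, src_ip: str) -> None:
        self.sessions[token] = account
        # The flaw: remembering the account by source address, so any later
        # request from that address is treated as the same person.
        self.ip_to_account[src_ip] = account

    def items_by_ip(self, req: Request) -> List[str]:
        """Weak design: any request from a known IP gets that account's items."""
        account = self.ip_to_account.get(req.src_ip)
        return list(HISTORY.get(account, [])) if account else []

    def items_by_session(self, req: Request) -> List[str]:
        """Hardened design: personalize only for a valid session token."""
        if req.session_token is None:
            return []
        account = self.sessions.get(req.session_token)
        return list(HISTORY.get(account, [])) if account else []


def office_scenario() -> Dict[str, List[str]]:
    """Tal logs in from the office; a colleague later browses from the same NAT."""
    shop = Storefront()
    shop.login("tal", token="tok-tal-1", src_ip=OFFICE_NAT_IP)
    colleague = Request(src_ip=OFFICE_NAT_IP)  # not logged in, same egress IP
    return {
        "ip_keyed": shop.items_by_ip(colleague),            # Tal's items leak
        "session_keyed": shop.items_by_session(colleague),  # nothing personal shown
        "tal_self": shop.items_by_session(Request(OFFICE_NAT_IP, "tok-tal-1")),
    }


if __name__ == "__main__":
    for design, items in office_scenario().items():
        print(f"{design:14s} -> {items}")
```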

In both cases described here, it didn’t require a malicious user to get access to information that is considered “private” or set as private. As you might well suspect, malicious users have many more ways to get access to such information. I highlight these basic privacy vulnerabilities to make you realize how privacy on the Internet is much more of an “illusion” than reality.

Lesson #2: Beware. Nothing that you do online can be assumed to be private. Your best assumption is that it can – and might – be viewed.

“Anonymous” Blogging

Yesterday, I was speaking to someone, let’s call her Cathy, who wants to start a blog. Cathy has “explosive information” that she wants to share. However, she wants to do so anonymously because this is the only way that she’ll feel comfortable sharing such weighty information. What Cathy didn’t realize is that being anonymous, just like maintaining privacy, is an illusion. If her blog becomes sensational and interesting enough, she would have to become a computer forensics expert to TRY to cover her tracks and keep her identity private. In the long run, it is extremely likely that Cathy will be revealed. My advice to her: Think through all of the ramifications of what you do online, because it could be traced back to you. This brings me to Lesson #3: If you want to keep something private, really private, be very careful with it. Once it’s out there on the net, it’s very difficult to prevent it from becoming public.

Unintended Consequences

What happens when people have the “illusion of privacy”? Naturally, they feel more comfortable sharing information, uploading photos and videos online, etc. Once they feel more comfortable about doing so, they do it more often. This, obviously, is the intention of Facebook and many other corporations. As Sheryl Sandberg, COO of Facebook, recently explained at DLD, a key trend is that people are moving from being receivers of information to broadcasters of information. It seems to me that Facebook is confusing what people do with what people want to do. People broadcast publicly when they don’t intend to do so. People are too often simply confounded by the illusion of privacy.

I’d love to hear what you think and if you are aware of other gaping privacy vulnerabilities that people might need to know about. Don’t forget to share this blog with those you think could benefit from giving more thought to their online meanderings.

UPDATE (Nov 8, 2012): Facebook apparently decided to remove my photo that was marked as private (I can no longer find it on Facebook). So it disappeared and the link broke. So I replaced it with a static image. I don’t think this has fundamentally changed what is said above – since email sharing of any private image on Facebook is still well supported by Facebook – allowing users to share any image (including those set to be “private”) with anybody, with or without a Facebook account.

17 Responses to The Illusion of Privacy

Tal,
Again, a great post.
Interesting to learn that the fallacy of privacy you just showed us is based in the simplicity of loose links that are persistent and publicly available if someone can learn their context.
I am wondering if HTML5 webstorage security is weak enough (the spec has just one paragraph on same-origin policy!!) that local storage can be exploited to mine such weak links
– perhaps I would avoid using HTML off-line view for at least 4 years – The fact is, I have lived many more years with the online-only web – why rush? Is this a valid concern? – I am asking… I may see webstorage as a “pizza size cookie”

I’m quite shocked at the two examples you present, especially the Facebook one. It just goes to reinforce my already heightened paranoia about putting stuff online. The sad truth of it is, it won’t be very long before people will be forced to conduct their life online, and there won’t be many ways to avoid it.
The illusion of privacy is really powerful. We don’t even think about it consciously, but nothing that’s online is really private; and even things which are built to be guarded as private are only one smart hacker away from being public. Does anyone give a second thought to writing an email, or viewing a bank account? Ask Sony if you want to know how secure your online private information really is.
Excellent job in pointing this stuff out. Was this general knowledge or is it a bug Facebook and Amazon are unaware of?

Interesting post Tal, thanks for writing it. It would be interesting to see if your readers share more such privacy glitches in the comments. I guess what bothers me the most about Facebook is that there’s nothing I can do if someone takes a picture of me at some event or meetup and posts it to his account. I’m sure there are photos out there I’m not even aware of. Sure, I can ask the person to take it down, I can report it (which wouldn’t be a very friendly act), but at the end of the day the only real way to get your face off the web is to avoid being photographed.

I was recently at a meet up and a friend pulled out his shiny iPhone to take a picture of the both of us. Apparently there is a new app out there that automatically tags you by face detection. While I appreciate the technology, I became a bit frightened. You see, this friend of mine probably has 2,000-3,000 friends on Facebook. My own profile photo is a very blurry one, a scan of a photo from almost 10 years ago, with my face half covered by my dog. Yet, the app instantly detected who I was. Not sure what to make of it – does it indicate a very blurry image is sufficient for face recognition? If not, does it mean the app digs down someone’s friends list and a priori maps everyone’s faces? Whatever it may be, that’s it for me – this company will forever have my face “coordinates”. Not happy about that at all.

To sum up, I’d like to offer a rephrase to Lesson #3:
Lesson #3: If you want to keep something private, keep it offline.

Tal! I totally agree with your view on “Privacy” on Facebook. In a way, I think it’s more like giving users an iPhone, but telling them they can only make phone calls on it. The need of the hour is probably a non-delusional unifying metaphor – the one that captures various levels of interpersonal trust that is both comprehensive and simple.

As much as we wish for a more fine-grained control, guess the safer way is to adhere to the common-sense boundary settings about what’s relevant to share, and what’s off-limits.

I guess none of this should come as a surprise to anyone, and yet I’m certain it will.

The huge shift in shopping, booking, sharing, listening and viewing to on-line sources that has happened and will continue to happen means we’re almost all exposed to the kind of gaps that you’ve highlighted.

Security is always about a mixture of actual and perceived measures to deter inappropriate or dishonest use of assets – your home security system has a prominent box with flashing lights on the wall that will put off many intruders, the web padlock performs precisely the same function.

Last year while skiing I suffered from a burglary when builders and our cleaner got confused over who was meant to set the alarm on leaving our house, so neither got round to it. Stupidly we’d left the keys to two cars in the house so the burglars had the nerve to carefully pack up our treasured belongings into our own cars and drive them away!

Not only that but we were in the process of selling the house, so the estate agents (realtors to those of you in the USA) had helpfully posted detailed photographs and plans of our property on the internet – a total coincidence? I think not.

The learning points from that experience apply equally on the web. Before you do ANYTHING on the web – even in supposedly private domains, assume someone else you don’t know is looking, and is thinking about how to use the information you provide to their gain and your loss.

As you noticed Tal, I recently got phished on my Twitter account. Very simple, clever tactic – you get an e-mail from a trusted friend that says “check out what’s being said about you on the internet”. You click on what looks exactly like a Twitter icon and are taken to a page that looks exactly like the Twitter sign-on page – the only clue (spotted too late) is that the URL is http://www.tvvitter.com. You enter your password and username and hey presto the phisher gets to send the same stupid message to all your contacts.

All the browsers now offer an incognito feature that is aimed at allowing you to browse without leaving history of you having visited. That’s so you can buy your wife’s birthday present without her being able to see that in your history list. I don’t doubt it gets used for other stuff too, but it does seem a sensible option to use in any public environment as a protective measure.

Great post, Tal, as always.
To begin with, your opening of the post resonates with some of the concepts in the book Predictably Irrational by Dan Ariely (http://danariely.com/). Our behaviour is many times completely irrational in relation to our (conscious) desires and wishes. In this context, we might invest a great deal in door locks and an alarm system, but the physical windows to our private home might be easily broken into; or we leave the key unattended at the office, wrongly assuming no one can make the connection that this cubicle is occupied by the person living at this and that address.
So, continuing lesson #3, if you want to keep something private, really private, don’t store it electronically at all – knowing how easy it is for a hacker to get into a computer’s hard disk. Actually, don’t store it at all, other than your brain, if you are dead serious about your privacy.
Oh, and if you are very concerned about someone trying to get hold of your private data, DO NOT read the following proverb:
The fact that you are paranoid does not mean that no one is following you!

On the other hand, if you wish to be part of the 21st century connected world you must appreciate that you need to give up a significant part of your privacy in order to be part of this connected community.
How much are you willing to give up? I think that this blog post has some fine examples of the things you should, or should not, be doing to match your lifestyle and desires.

Most people don’t have anything to hide, but would still prefer privacy.
Even without Facebook, what’s private nowadays anyway?
Big Brother is everywhere and in everything – a George Orwell 1984 world.

Good investigative reporting Tal!
I am not sure which scares me more, the Amazon or the Facebook example. I think that because Facebook offers privacy settings it is largely responsible for people’s illusions regarding privacy. Your example should also strike fear into investors thinking of jumping on Facebook’s pending IPO. People may be gullible and too trusting but they have proven they have the power to move mountains when they are wronged and if companies don’t take better measures to protect privacy or live up to their promises it is not unthinkable that consumers will just walk away from Facebook.

Excellent material here Tal. You’ve left out a bit though I think. Facebook (and Amazon I suppose) claim to OWN the data that you put on their systems don’t they? Or perhaps “claim” is too clear a term and rather “don’t claim not to own your data” is more accurate. It seems to me that there are multiple layers to the illusion; the illusion that your data is not public and the illusion that your data is private.

Thanks to all for the terrific response. I really do think this is an important matter for a wide variety of people. This has become a multi-part series, I have too much more on the topic. Some clues about these are in the responses below – some scary stuff there too:

Some responses to comments:

Eduardo, you’d have to move to live on Mars if you want to avoid HTML5 offline for the next 4 years…

Adi, you surprise me – you? “shocked” by Facebook? Absolutely, we’re practically forced to all move online. One thing I don’t yet know about – Google Docs. How insecure is it really from an end user perspective? Amazon hosted EC2? I tend to think these two are substantially better than the examples I have just given – if it is due to the encrypted links, the level of authentication, firewalls, etc. I think these are better off. But if someone hacks into Google / Facebook / Amazon / Ebay and takes data, have they (and their users) got a real problem…
I stumbled upon these myself from actually experiencing them and asking the questions to figure it out. I don’t know if this is general knowledge. Hopefully, now it is.

Anuj, the photo in this article was “created” in order to prove the point. However, I was shocked that when I could just pull the URL off a picture and send it to someone who was not my friend on Facebook, they could see it without any authenticated access… The Amazon Windowshop – was just like that, I showed someone windowshop and he checked it out online and saw my “personalized” experience… I was shocked then. What the hell?

Alon, Facebook knows SO MUCH about each of us – whether we are signed up or not. Much of that was obtained by the “convenient feature” to allow pulling in one’s contacts from their web-based email (e.g. Gmail/Yahoo Mail). From that (and other places) they know almost everything about you – your name, email address, telephone numbers (yes, these are often stored in contact information), snapshots (these two could be associated with your contacts), all your network (anybody that has sent/received mail from you), where you work, area where you live, gender, age, etc. Again, let me repeat – this is not for people registered on Facebook, this is for people that ARE NOT registered on Facebook and have not provided any information voluntarily to Facebook. This will probably be part of the next post in this about-to-become series.

Roopa, see what I wrote Alon – it’s not just what WE share, it’s also what anybody else unintentionally shares about us. That’s the scary part. Notice how Alon’s photo was recognized even though he never shared a recognizable photo…

Kapil, again – it’s private as long as NOBODY shared it – not just you… Example – your mobile number. If it is in anybody’s address book and they allowed Facebook the “convenience” of scanning their contacts, guess what – Facebook have it. Now do they publish it? Not naively. However, I have been able to obtain people’s personal details by creating a dummy Facebook account and just asking them for a minor favor that nobody would deny me… more on this in another post, perhaps.

Tony, thx. Sorry to hear about your home being robbed. The Internet is a dangerous place we cannot live without. But being careful and trying to avoid danger is still advised best practice. Just what to be careful with is becoming difficult to avoid.

Ilan, right. Getting in is unavoidable. Just take more calculated risks.

Tim, I hardly think this issue will dampen the excitement of the Facebook IPO. Both of these examples demonstrate careless negligence by these companies which we entrust with very sensitive information. The amount of sensitive data that they have about us (whether we are users or not, as I explained briefly above) is staggering and alarming.

Steve, you’re right (though I believe Facebook has updated/clarified that issue). People are more comfortable in the large corporations having their data than common criminals or organized crime. Nevertheless, the fact that Facebook/Google/Amazon have such an explosive amount of data makes them prime targets for getting at that data. I don’t think it’s really a question of “if” but rather “when” there will be such a breach… might take a while, though.

Your title says it all and I have said exactly that for years. Privacy on-line is completely an illusion. I go by the assumption, and live by the credo, that I have nothing to hide. It’s the only way I can participate on-line, because I know any hope of controlling access to “anything” is wishful thinking at best, and naive optimism at worst (which is what I am afraid Facebook users that spend a lot of time adjusting their privacy settings are practicing).

@Alon – Regarding photos taken in public places, US law has for years been essentially that you have no expectation of privacy in public places. I learned this in the 1970’s when my dad made educational/commercial filmstrips (remember those?). He could take random photos in public places and include them in his filmstrips. I believe that law still holds.

Maybe I’m missing something, but even without this static image URL (is it random-ish? did you check?), anyone who you’ve authorized to view the image on facebook can simply download and forward it or share it as public. How then does the existence of a static URL change your privacy situation vs the already obvious one where anything you share with anyone (or a trojan shares on your behalf) may become public?

I have been on the Internet for 30 years, and my basic assumption still remains – assume anything you put online can be accessible by anyone.

As much as you’re right about Facebook’s security being far away from foolproof, it still provides decent security for the vast majority of the average person’s needs. I personally would still post personal information on Facebook, as long as I don’t care too much about people getting access to it.

I would also guess that most people say they want privacy, but would not be willing to put their money behind this statement, and pay for decent access control. Hence, most people should be able to live with the half-baked solution they get for free. What should probably change is the awareness of these security holes, and even when it does, I predict people would still keep posting almost everything online.

Tal, Great post – I’ll share it on FB – and hopefully it goes viral. LOL I have many FB friends who are always shocked that their information could be shared with anyone. I guess many folks are still learning that the internet is open and accessible to everyone and nothing you do online is a secret. Your article will help to open up their eyes.

Tal Givoly has over 20 years of telecommunications technologies and software development experience, and has held management positions in technology, innovation, intellectual property, research, development, standards, and product management at Amdocs, XACCT, MIS, and other companies. Until March 2011 and for the 7 years prior, Tal was Chief Scientist at Amdocs and led innovation activities across the company.

Tal is a prolific inventor with over 25 granted patents. Tal is recognized for his passion for, and expertise in, innovation, being invited to speak at major industry events such as TeleManagement World, Mobile World Congress, CTIA and Billing & OSS World. He was also actively involved in industry forums and standard bodies including TM Forum, IETF, ATIS, and IPDR.org. Tal was a director on the board of IPDR.org and TM Forum. Tal has been named one of the top 10 people to follow in OSS/BSS.

Tal is now a full-time entrepreneur and inventor – focused on trying to build some world-changing companies. The most important startup Tal is now involved in is Medivizor, as Co-Founder and CEO. Occasionally, he shares his thoughts on this blog.